Unattended upgrades
-------------------

This script can install security upgrades automatically and
unattended. However, it is not enabled by default. Most users 
enable it via the Software Sources programm (available in 
System/Administration), which has a simple radiobutton in the UI 
for enabling unattended upgrades. 

If you would prefer to enable it from the command line, run 
"sudo dpkg-reconfigure -plow unattended-upgrades".

It will not install packages that require dependencies
that can't be fetched from security and it will check for conffile
prompts before the install and holds back the package that creates
them. 

== Setup ==

The unattended-upgrades package will *not* act unless it is enabled
explicitly.  To activate this script you need to ensure that the apt
configuration contains the following lines (this can be done via the
graphical "Software Source" program or via dpkg-reconfigure):

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

This means that it will check for upates every day and install them
(if that is possible). If you have update-notifier installed, it will
setup /etc/apt/apt.conf.d/10periodic. Just edit this file then to fit
your needs. If you do not have this file, just create it or
create/edit /etc/apt/apt.conf - you can check your configuration by
running "apt-config dump".

== Options ==

By default it will only install from the the stable and security
repository. 

This can be changed either with the
"Unattended-Upgrade::Origins-Pattern" or the 
"Unattended-Upgrade::Allowed-Origins" apt configuration lists.

The Unattended-Upgrade::Origins-Pattern is a flexible matting
mechanism. The entries in a single line need to be all matched (its a
logical AND). If you have multiple patterns one match for the complete
pattern is enough (logical OR). E.g.:

 Unattended-Upgrade::Origins-Pattern {
        "origin=Google\, Inc.,suite=aArchive";
        "site=www.example.com,component=main";
 };

will upgrade a package if either "origin matches google and
suite=aArchive" or if the package comes from www.example.com and is in
the component "main". The apt-cache policy short identifiers
(o=Debian) are also supported.

For Origins-Pattern its always (origin, archive) The value of "origin"
is taken from the "Origin:" header in the file, the value of "archive"
is taken from the "Suite:" header. This is also available via the
"apt-cache policy" command (without further argument). E.g. security
is listed there as "o=Debian" and "a=stable".

All operations will be logged in /var/log/unattended-upgrades/. This
includes the dpkg output as well.

See https://wiki.ubuntu.com/AutomaticUpdates for more details about
this feature.

The following configuration options are supported via the standard 
apt configuration: 
"APT::UnattendedUpgrades::LogDir"
"APT::UnattendedUpgrades::LogFile"
"Unattended-Upgrade::Allowed-Origins"
"Unattended-Upgrade::Package-Blacklist"
"Unattended-Upgrade::Mail"

If you use the mail feature, make sure that /usr/bin/mail is available
and working (usually the mailx package is required).

== Debugging ==

If something goes wrong or if you want to report a bug about the way
the script works its a good idea to run:
$ sudo unattended-upgrade --debug --dry-run

and look at the resulting logfile in:
/var/log/unattended-upgrades/unattended-upgrades.log 
then. It will contain additional debug information.

== Config example ==

A example configuration that will install from the
jaunty-security and jaunty-updates repositories daily:

------------------------------8<--------------------------------------
// Automaticall upgrade packages from these origin patterns
Unattended-Upgrade::Allowed-Origins {
	"o=Debian,l=Debian-Security,a=stable";
};
 
// List of packages to not update
Unattended-Upgrade::Package-Blacklist {
//	"vim";
	"libc6";
	"libc6-dev";
	"libc6-i686";
};

// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent
//Unattended-Upgrade::Mail "root@localhost";

// These APT::Periodic settings mean that each day the /etc/cron.daily/apt 
// cron job will the update package list, download packages and then run 
// unattended-grade to install them. 
// Lock/Stamp files are in /var/lib/apt/periodic/
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::Unattended-Upgrade "1";

------------------------------8<--------------------------------------

